How to build MongoDB with SSL for Linux

Insecure on the wire

By default, MongoDB transmits data in clear-text. That might be OK in your own network environment, but it's not so great for the cloud. If you want your traffic secure, it's up to you.

Fortunately, recent MongoDB releases can use connections protected by SSL. Unfortunately, SSL is not compiled into the publicly available binary downloads from 10gen. Nor is it available in the binary packages for Debian, Ubuntu or Redhat.

Subscribers only

If you want a nicely packaged MongoDB with SSL from 10gen, then you need a MongoDB Gold Subscription. It's a full package -- you get nearly unlimited, 24x7 technical support, you get emergency patches, and you get your SSL-compiled Subscriber Edition.

It also costs $4000 per server. Per year. Ouch!

Don't get me wrong -- if you can afford it, 10gen ties it all up with a nice bow and gives you support on top. Take it!

But if that's beyond your budget, then you only have one choice left.

Rocking open source

MongoDB is open source. You can get the source and do what you want with it. So you can compile SSL support into it yourself.

Even better, 10gen includes their Linux distribution packaging tools along with the rest of the source. That's awesome! So you can compile MongoDB and package it up to easily install it everywhere you need it.

Or can you?

Almost.

The packaging tool is a bit too customized for 10gen. So before you can use it, you have to fix it. The biggest problem is that it packages compiled binaries downloaded from 10gen's web site, so you have to patch it to use binaries you've compiled yourself instead. There are a couple other minor tweaks that I'll explain later.

Building your own package requires these three steps:

Compiling the binaries with SSL

Patching the packaging tool

Building the packages

I'll walk you through how I did it.

Compiling!

First step, compiling the binaries. Apparently you need to be on a Debian/Ubuntu machine for the packaging to work, so I used an Ubuntu laptop I had lying around.

I cloned the MongoDB repository from git://github.com/mongodb/mongo.git and created a branch based on the version 2.2.0 release tag ("r2.2.0").